Here are all the places you need to check:
- Web Application Firewall, Site IP Blacklist
- Web Application Firewall, Security Exceptions Log
- Web Application Firewall, Auto IP Blocking Administration
- Web Application Firewall, Auto IP Blocking History
Alternatively, use Web Application Firewall, Unblock an IP to delete any records with that IP address.
Go to Web Application Firewall, Configure WAF, Basic Features. Is "Allow administrator access only to IPs in Whitelist" enabled? If so, go to Web Application Firewall, IP whitelisting and make sure the IP addresses are in that list. Otherwise access to the administrator are of the site will be disabled
without it being logged.
Do note that if access is disabled if a. IP whitelisting is enabled but the IP address is not in the IP Whitelist; b. IP blacklisting is enabled and the IP is in the Site IP Blacklist; c. the IP has been automatically blacklisted temporarily (Auto IP Blocking Administration) or permanently (Auto IP Blocking History); or d. the IP is in enough Security Exceptions Log entries to trigger automatic temporary or permanent IP blacklisting (case c) THEN there is no log entry generated about the blocked request. This is a reasonable feature to prevent your database crashing under the weight of someone persistently trying to attack your site after they have been IP blocked.
If that still doesn't help repeat all the steps above AND go to Web Application Firewall, Configure WAF, Basic Features and set "Enable IP workarounds" to No. Now have them retry accessing the site.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!